EH-Net members are invited to keep the conversation going with Kevin Johnson, Josh Wright and Ed Skoudis from InGuardians. These 3 security experts will be with us for about a week (depending on their time constraints) after each webcast to answer your questions. We will also post the links to webcasts as they become available.

Great webcast guys! I enjoyed it and am looking forward to the next one.

There was a tool mentioned on the 'Using XSS to pivot' slide... it was briefly mentioned about comparing administrative interface fingerprints (or something similar). Can you post a link/name of that tool or maybe a brief rundown of what it does if I misunderstood?

Also, Josh mentioned getting bootable versions of distros. One cool thing you can do is set VMware to boot the ISO of the bootable distro you just downloaded. This way you can run multiple of them at the same time both on the attacker and victim side.

Hey guys, thanks for taking the time to do this presentation. It was very helpful and informative. I have a ton of question as I am new to the field, but I won't bother you with those. My only real important question that I didn't hear much about during the presentation is hardware related. I've had trouble getting the right wireless cards to work with software that I've tried in the past. Do you have any recommendations as to which hardware to use for wireless testing?

One of the additional areas that I would like to see discussed in relation to pen testing is from the forensic side. For example are there markers to be read in a memory grab, magic numbers for the processes that can be grepped from an image (or the memory), what are some of the tell tales that can be found post-mortem. I know 508 covers some of the post-mortem topics, but in a live forensic environment there has not been as much presented.

solidvision wrote:I've had trouble getting the right wireless cards to work with software that I've tried in the past. Do you have any recommendations as to which hardware to use for wireless testing?

A lot of people really like the Alfa card; it is USB and high-powered (500 mW with external antenna connector!) and is plug-and-play with just about any modern Linux distribution. Here is one site that sells this card (no affiliation):

The madwifing cards work great with distributions like Backtrack 3, but will require patching and recompiling your kernel for other Linux distributions. The patch for this card is on the Aircrack-ng site:

BillV wrote:There was a tool mentioned on the 'Using XSS to pivot' slide... it was briefly mentioned about comparing administrative interface fingerprints (or something similar). Can you post a link/name of that tool or maybe a brief rundown of what it does if I misunderstood?

Yokoso! is a tool to identify the administrative interfaces used through fingerprinting techniques. This can be helpful to sort through the page history of a browser controlled by a pen-tester to identify valuable targets to exploit (e.g. previously logged-in administrative pages).

Unfortunately I was only able to make it until the last half of the presentation and I was wondering if it will be available online again for people to watch (such as the Pentest Ninjitsu series). Thanks in advance.

rAWjAW wrote:Unfortunately I was only able to make it until the last half of the presentation and I was wondering if it will be available online again for people to watch (such as the Pentest Ninjitsu series). Thanks in advance.

BillV wrote:There was a tool mentioned on the 'Using XSS to pivot' slide... it was briefly mentioned about comparing administrative interface fingerprints (or something similar). Can you post a link/name of that tool or maybe a brief rundown of what it does if I misunderstood?

Hi BillV,

The tool we mentioned is Yokoso! and will be at yokoso.inguardians.com. We are currently looking to get fingerprints from people and are hoping to get the first set of tools out this weekend. (Depending on my copious amounts of free time)